Auditbox

One vault for every audit trail

A FHIR‑native Audit Record Repository to consolidate healthcare audit logs from multiple sources and answer compliance or security questions in seconds — not weeks.

What’s in the box?
Standards-Based Audit Consolidation

Centralize FHIR AuditEvent from your services in one standards‑based repository — a single source of truth with consistent schema and lifecycle policies.

Quick FHIR ecosystem integration

Integrate via standard FHIR APIs and AuditEvent resources to reduce mapping and boilerplate.

Complete audit trails

Capture who, what, when, where, and how for every access or change — aligned with ASTM E2147, HIPAA, and GDPR.

Cost-effective log storage

Optimize storage costs while retaining full compliance so that long-term regulatory retention doesn’t overload expensive SIEM or database resources.

Fast investigations

Quickly trace user activity with a standardized API and intuitive UI so you can perform audits, reviews, and root-cause analysis without sifting through raw system logs.

Architecture
Standards-based FHIR AuditEvent as the data model foundation

{
  "resourceType": "AuditEvent",
  "meta": {
    "profile": [
      "https://profiles.ihe.net/ITI/BALP/StructureDefinition/IHE.BasicAudit.PatientDelete"
    ]
  },
  "type": {
    "system": "http://terminology.hl7.org/CodeSystem/audit-event-type",
    "code": "rest",
    "display": "Restful Operation"
  },
  "subtype": [
    {
      "system": "http://hl7.org/fhir/restful-interaction",
      "code": "delete",
      "display": "delete"
    }
  ],
  "action": "D",
  "recorded": "2025-09-10T12:00:00Z",
  "outcome": "0",
  "agent": [
    {
      "type": {
        "coding": [
          {
            "system": "http://dicom.nema.org/resources/ontology/DCM",
            "code": "110150",
            "display": "Application"
          }
        ]
      },
      "who": {
        "display": "client.app.example.org"
      },
      "requestor": false,
      "network": {
        "address": "203.0.113.10",
        "type": "2"
      }
    },
    {
      "type": {
        "coding": [
          {
            "system": "http://terminology.hl7.org/CodeSystem/provenance-participant-type",
            "code": "custodian",
            "display": "Custodian"
          }
        ]
      },
      "who": {
        "reference": "Device/auditbox-server"
      },
      "requestor": false,
      "network": {
        "address": "https://api.example.org/fhir",
        "type": "5"
      }
    },
    {
      "type": {
        "coding": [
          {
            "system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
            "code": "AUT",
            "display": "author (originator)"
          }
        ]
      },
      "who": {
        "display": "Dr. Alice Smith"
      },
      "requestor": true
    }
  ],
  "source": {
    "observer": {
      "reference": "Device/auditbox-server"
    },
    "type": [
      {
        "system": "http://terminology.hl7.org/CodeSystem/security-source-type",
        "code": "4",
        "display": "Application Server"
      }
    ]
  },
  "entity": [
    {
      "what": {
        "reference": "Observation/obs-12345"
      },
      "type": {
        "system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
        "code": "2",
        "display": "System Object"
      },
      "role": {
        "system": "http://terminology.hl7.org/CodeSystem/object-role",
        "code": "4",
        "display": "Domain Resource"
      }
    },
    {
      "what": {
        "reference": "Patient/patient-123"
      },
      "type": {
        "system": "http://terminology.hl7.org/CodeSystem/audit-entity-type",
        "code": "1",
        "display": "Person"
      },
      "role": {
        "system": "http://terminology.hl7.org/CodeSystem/object-role",
        "code": "1",
        "display": "Patient"
      }
    }
  ]
}

Who

Agents (Actors and Roles)

Identifies every person, system, or device involved, including their roles (e.g., clinician, system, device).

Source (Site & Observer)

The system or component that detected and reported the event.

Where

Location

Actual place of the event (e.g., clinic room, device location).

What

Type & Action

What happened (e.g., record accessed, updated, deleted).

Entities (Objects & Details)

Which data or resources were affected, with rich context and security labels.

When

Time & Outcome

When it happened and whether it succeeded or failed.

Why

Authorization

Captures the specific reason each actor (person, system, or device) participated in the event.
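The who/where/what/when/why breakdown applied to an event like the one shown above, as an added example that is not Auditbox code. The function name `summarize` and the trimmed sample are constructed for illustration, and the example assumes R4 element names (`agent.requestor`, `agent.purposeOfUse`, `purposeOfEvent`, `source.site`) are how the event is populated.

```python
# Code-to-label maps from the FHIR R4 AuditEvent action and outcome value sets.
ACTIONS = {"C": "create", "R": "read", "U": "update", "D": "delete", "E": "execute"}
OUTCOMES = {"0": "success", "4": "minor failure", "8": "serious failure", "12": "major failure"}

def _ref(r):
    """Render a FHIR Reference: reference string if present, else display text."""
    return (r or {}).get("reference") or (r or {}).get("display") or "unknown"

def _codes(concepts):
    """Flatten a list of CodeableConcepts into their coding codes."""
    return [c.get("code") for cc in concepts or [] for c in cc.get("coding", [])]

def summarize(event):
    """Reduce one R4-shaped AuditEvent to a who/where/what/when/why view."""
    if event.get("resourceType") != "AuditEvent":
        raise ValueError("not an AuditEvent")
    agents, source = event.get("agent", []), event.get("source", {})
    entities = event.get("entity", [])
    why = _codes(event.get("purposeOfEvent"))
    for a in agents:
        why += _codes(a.get("purposeOfUse"))
    return {
        "who": [_ref(a.get("who")) for a in agents if a.get("requestor")],
        "other_agents": [_ref(a.get("who")) for a in agents if not a.get("requestor")],
        "observer": _ref(source.get("observer")),
        "where": {"site": source.get("site"), "network": [
            a["network"]["address"] for a in agents if a.get("network", {}).get("address")]},
        "what": ACTIONS.get(event.get("action"), "unspecified"),
        "entities": [_ref(e.get("what")) for e in entities],
        "patients": [_ref(e.get("what")) for e in entities
                     if e.get("role", {}).get("code") == "1"],  # object-role "1" = Patient
        "when": event.get("recorded"),
        "outcome": OUTCOMES.get(event.get("outcome"), "unknown"),
        "why": why or None,  # None: the event carries no stated purpose
    }

# Constructed sample: the page's event trimmed to the fields read above.
SAMPLE = {
    "resourceType": "AuditEvent", "action": "D", "outcome": "0",
    "recorded": "2025-09-10T12:00:00Z",
    "source": {"observer": {"reference": "Device/auditbox-server"}},
    "agent": [
        {"who": {"display": "client.app.example.org"}, "requestor": False,
         "network": {"address": "203.0.113.10", "type": "2"}},
        {"who": {"display": "Dr. Alice Smith"}, "requestor": True}],
    "entity": [
        {"what": {"reference": "Observation/obs-12345"}, "role": {"code": "4"}},
        {"what": {"reference": "Patient/patient-123"}, "role": {"code": "1"}}],
}
```

For the sample, `summarize(SAMPLE)["why"]` is `None`: the event records who deleted what and when, but no purpose of use, which is the gap a reviewer would follow up on.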

Designed for Healthcare Security & Audit Needs

Purpose-built for regulatory compliance (ASTM E2147, HIPAA, GDPR)

Optimized for the FHIR ecosystem and healthcare standards

Speeds up security and privacy investigations across all systems

Supports long-term retention policies with cost-efficient storage

Integrates seamlessly with SIEM and compliance reporting tools
